Computer Hacks and tricks: Clustered

Friday, February 21, 2014

Clustered

Clustered is a server attack toolkit written in Python. It is capable of version-aware exploitation and can also perform reconnaissance using robust and reliable techniques.

Features
·        The only framework aware of a platform’s version: clusterd’s core is built around recon and exploitation of platforms based on the discovered version. This version can then be used to deploy payloads or execute auxiliary modules. JBoss, for example, was particularly difficult to deploy to because it was never clear which deployment method worked with which version. clusterd has been exhaustively tested against many minor/major versions of JBoss, ensuring stability and dependability with version-specific deployments.
·        JBoss 7.x deployments: Currently, no other tool is capable of deploying WARs to JBoss 7.x and up. This is because the days of jmx-consoles and exposed JMXInvokerServlets are gone. 7.x uses a new HTTP API with JSON messaging. Deploying to this is still possible, and admittedly easier and more stable than before, but this interface will always require authentication. No default credentials are enabled.
·        SMB hash retrieval: clusterd features a unique methodology for forcing remote application servers to emit their encrypted NTLM hash. This is performed by submitting an installation of a WAR containing a UNC path, which the server will then attempt to retrieve. Because of the way in which Windows connects to remote shares/UNC paths, it will automatically attempt to negotiate an SMB connection, divulging its encrypted NTLM hash. We use the standard nonce, 1122334455667788, to ease cracking of the hash.
·        Password brute forcing: Many services, such as WebLogic, don’t use basic HTTP auth, which rules out HTTP authentication brute forcers such as Hydra or Medusa. clusterd is fully capable of brute forcing authentication for all supported platforms using a provided wordlist and username. Also included are many default credentials for these platforms, so clusterd may even be able to guess credentials without you even knowing.
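A defensive check for the SMB hash retrieval item above, as an added example that is not part of clusterd or the original post: it scans application-server access logs for deployment requests whose parameters point at a UNC path or a remote file:// share, including percent-encoded and double-encoded forms. The log lines, the /console/deploy path and its parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# After decoding, a remote share appears as \\host\share or file://host/share.
# file:///path (three slashes) is a local file and is deliberately not matched.
UNC_RE = re.compile(
    r"(?:\\\\|file://(?!/))(?P<host>[A-Za-z0-9._-]+)[\\/]+(?P<share>[^\\/&\s]+)",
    re.IGNORECASE,
)
# Common/combined access-log format: source address, request line, status code.
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample input; paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Feb/2014:10:01:02 +0000] "GET /console/deploy?war=%5C%5C192.0.2.10%5Cshare%5Capp.war HTTP/1.1" 200 512',
    '10.0.0.5 - - [21/Feb/2014:10:01:09 +0000] "POST /console/deploy?src=%255C%255Cfiles.example.net%255Cpub%255Cx.war HTTP/1.1" 500 87',
    '10.0.0.7 - - [21/Feb/2014:10:02:00 +0000] "GET /console/deploy?war=http://repo.example.org/app.war HTTP/1.1" 200 512',
    '10.0.0.8 - - [21/Feb/2014:10:03:00 +0000] "GET /console/deploy?war=file://nas01/wars/app.war HTTP/1.1" 200 512',
    '10.0.0.9 - - [21/Feb/2014:10:04:00 +0000] "GET /console/deploy?war=file:///opt/wars/app.war HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded backslashes (%255C) surface."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_unc_deployments(lines):
    """Return one finding per request whose target references a remote share."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry
        hit = UNC_RE.search(fully_decode(m.group("target")))
        if hit:
            findings.append({"src": m.group("src"), "method": m.group("method"),
                             "status": int(m.group("status")),
                             "remote_host": hit.group("host"),
                             "share": hit.group("share")})
    return findings
```

Blocking outbound SMB (TCP 445) from application servers keeps the hash from leaving the host even when such a request is accepted.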
Requirements
·        Python >= 2.7.x
·        Requests >= 2.2.x
Installation
The recommended installation of clusterd is to clone the GitHub repository.